Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by YpY on ma 10-10-2016 at 19:01:40.85. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\YpY\Favorites\Downloads\zoek(4).exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-02-22-153702.log 26808 bytes C:\zoek-results2016-02-23-062535.log 941 bytes C:\zoek-results2016-10-09-172304.log 35722 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files\Microsoft Office 
15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Users\YpY\Favorites\Downloads\zoek(4).exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\cmd.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe R2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe R2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe R2 - [GREGService] - GREGService - c:\program files (x86)\acer\registration\gregsvc.exe R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe R2 - [Live Updater Service] - Live Updater Service - c:\program files\acer\acer updater\updaterservice.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [MsMpSvc] - Microsoft Antimalware Service - 
c:\program files\microsoft security client\msmpeng.exe R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [NisSrv] - Microsoft Netwerkinspectie - c:\program files\microsoft security client\nissrv.exe R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe S2 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - c:\program files (x86)\common files\egistec\services\egisticketservice.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - 
[IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - 
[clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [gusvc] - Google Updater Service - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Windows\SysNative\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3948 MB CPU Info: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz CPU Speed: 2101.8 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD10RS Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Mouse Present Hard Disks: C: 449.7GB Hard Disks - Free: C: 345.4GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 04/25/11 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE70_HR Country: Nederland Language: NLD ==== System Specs (Software) ====================== AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Firefox 47.0.1 Internet Explorer Version: 11.0.9600.17280 Mozilla Firefox version: 47.0.1 (x86 nl) Google Chrome version: 53.0.2785.143 Adobe Reader version: 15.8.20082.147029 Sun Java version: 1.8.0_73 (32-bit) Sun Java version: 1.8.0_73 (64-bit) Flash Player version: 21.0.0.242 Shockwave Player version: 11.0.3r471 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\YpY\AppData\Local\Temp ==== 2016-10-09 12:51:47 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\pcre3.dll 2016-10-09 12:51:47 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\regex2.dll 2016-10-09 12:51:46 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\libiconv2.dll 2016-10-09 12:51:46 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\libintl3.dll 2016-10-09 12:51:46 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\nfo\nircmdc.exe 2016-10-09 12:51:45 2251CEB04ADFFB068F80A6C98F5B7ABB 106448 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\CreateRestorePoint.exe 2016-10-09 12:27:04 9482AD5B4CD39A0F343009D2597DEA11 128388880 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-36c767c3.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== 
====== C:\Windows\Sysnative ===== 2016-10-10 16:56:02 18DFCF4A2BF42B3BE7E71DA2E4E01736 5105408 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT ====== C:\Windows\Sysnative\drivers ===== 2016-10-09 12:55:25 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2016-10-09 12:53:05 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2016-10-09 12:53:05 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2016-10-09 12:53:04 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\YpY\AppData\Roaming ====== 2016-10-10 16:57:21 D6A10C14C1AC216773298241117F23FE 114328 ----a-w- C:\Users\YpY\AppData\Local\GDIPFONTCACHEV1.DAT ====== C:\Users\YpY ====== ====== C: exe-files == 2016-10-10 17:41:39 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\21676\AdobeARMHelper.exe 2016-10-09 14:18:26 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\27389\AdobeARMHelper.exe 2016-10-09 13:35:55 1FDBDF5D4022308829985995E79C0D68 559848 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\msosqm.exe 2016-10-09 13:31:12 8792F74FCCB36BBC710F1137603A8448 48840 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2016-10-09 13:31:10 525878A33096DBFCED453DFD88B425E4 1163552 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe 2016-10-09 13:31:06 45D746B717F24D84BE09CE97778D8047 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dwtrig20.exe 2016-10-09 13:31:01 C20B9A5B7EBDAD26026723FB4B6E250D 94048 ----a-w- 
C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2016-10-09 13:31:00 EC9079003CF12F7DB55083B05D682C08 5862696 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\cmigrate.exe 2016-10-09 13:30:58 077ED025F0CF41CF4B118783D575C7F0 851736 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dw20.exe 2016-10-09 13:30:53 DCB42C9F5672DF97B90EE06EDDE9A2D0 8023336 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\cmigrate.exe 2016-10-09 13:30:50 82CCD5CD4E2732E90D3DE748D635F6B6 1932472 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\winword.exe 2016-10-09 13:30:46 281701DB30FF9E66F7C6A1A1A5659778 537856 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\vpreview.exe 2016-10-09 13:30:33 86D8E8527072AD9B16F46838B192BAA8 920776 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe 2016-10-09 13:30:30 3C019492D8E21C926FCBE00A196D9949 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\orgchart.exe 2016-10-09 13:30:29 115047379F44DEDC8764CF1AC2469587 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\selfcert.exe 2016-10-09 13:30:24 1BCB0C8B5BEE83EDA44C562C9C86F7E7 883928 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2016-10-09 13:30:16 186035B515FF88851CAAF6711FF3441B 19140296 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\outlook.exe 2016-10-09 13:30:02 60D4CB28FF7E472E810DFFC026441540 1555240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ocpubmgr.exe 2016-10-09 13:30:00 C30DD389F9CC958D6A9C8E6CA3C382FD 1772232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\onenote.exe 2016-10-09 13:29:54 DE26662998574C2308CD2912EBD3E99C 15529152 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msaccess.exe 2016-10-09 13:29:52 
B2ACE87F2E4D4160FF4DC6AAF3C95E25 10786512 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\mspub.exe 2016-10-09 13:29:51 870E3088D6DACD2406D426B8E734FA52 709312 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msqry32.exe 2016-10-09 13:29:50 50580276613C7D4495042E4D334BE103 43216 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msoev.exe 2016-10-09 13:29:50 0DAF84093E12B0D1C9E704CA20BCC1AD 508160 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msouc.exe 2016-10-09 13:29:49 2F1186123D9B4B1E32B3119094DE641D 43240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msotd.exe 2016-10-09 13:29:46 851B51BCCD63C7ECE1E81362C75CB940 526672 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2016-10-09 13:29:45 8EB5356E7836C41F36D8E8C7DBFFE30A 24094920 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lync.exe 2016-10-09 13:29:43 79F29AC31C42E891848C62ED67A49434 1793744 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\infopath.exe 2016-10-09 13:29:42 36A9B229159442C67A35B6E2325ED027 6748872 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe 2016-10-09 13:29:38 19170813CAEFF42E398F74A86356D564 4531456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\graph.exe 2016-10-09 13:29:37 B08D6C3186D0B80FFB916CD596279B4C 8859904 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\groove.exe 2016-10-09 13:29:32 9CC62B2B6D396BA2ABE36D2879EF1A78 999104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\firstrun.exe 2016-10-09 13:29:29 1F24ACDFAAFB7B776FE615E48F838844 25739968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2016-10-09 13:29:27 6154E0E1F33405275448949B015AFD9F 21955264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-10-09 13:29:20 9640B84CEAADC5F7AA8809A236F1D2E0 238320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\clview.exe 2016-10-09 13:29:15 
1EEFCB43CD5986598CD1462B98CF78D4 42696 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\appsharinghookcontroller.exe 2016-10-09 13:29:11 F5E2556A617C16904922297A69CE896E 651032 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\integrator.exe 2016-10-09 13:28:06 9E195733E6C32B6B1DEE7F7CFB508AB1 320896 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe 2016-10-09 13:28:06 875A61965DA4264C5C22CF54BAE7B2EA 145064 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate64.exe 2016-10-09 13:28:02 F1AC2CE2956E089F5F221AEB2DC5B083 124072 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate32.exe 2016-10-09 13:27:37 4461DA1C01AF7EFC117AAE2CC0FB2B75 205480 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe 2016-10-09 13:27:37 1A06DBE8A82A327BB2F18D1611DE68F3 249000 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\mavinject32.exe === C: other files == 2016-10-09 17:25:06 144F75610B8582C19C1A7DD16AAA966F 4869 ----a-w- C:\Users\YpY\AppData\Local\Temp\xpi\tmp.zip 2016-10-09 12:51:41 D771EE6FA85098FB497C36090DD5AE3A 129405 ----a-w- C:\Users\YpY\AppData\Local\Temp\jrt\get.bat 2016-10-09 12:44:45 F3AA2AA84D02237ECAFEF0C38A22D0F9 6260 ----a-w- C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\features\{04bba0bc-c95b-430a-adac-758b34c706df}\e10srollout@mozilla.org.xpi 2016-10-09 12:44:45 A1948026A109F1F11CB76B8BC3F4A314 686164 ----a-w- C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\features\{04bba0bc-c95b-430a-adac-758b34c706df}\firefox@getpocket.com.xpi 2016-10-09 12:44:45 4623ECF38DAFD44EC72EFBB40B0BC1CA 5745 ----a-w- C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\features\{04bba0bc-c95b-430a-adac-758b34c706df}\websensehelper@mozilla.org.xpi 2016-10-09 12:44:45 32F9E6D9F7D3A167A516DA371F14C20C 5391 ----a-w- 
C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\features\{04bba0bc-c95b-430a-adac-758b34c706df}\loop@mozilla.org.xpi ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4038081757-550974096-142076149-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Google Update"="C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Google 
Update"="C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\YpY\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "vProt"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\"" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Creative Cloud" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" "hkey"="HKLM" "item"="BackupManagerTray" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\"" "hkey"="HKLM" "item"="EgisTecPMMUpdate" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] "command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d" "hkey"="HKLM" "item"="EgisUpdate" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\YpY\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeePass 2 PreLoad] 
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KeePass 2 PreLoad" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\KeePass Password Safe 2\\KeePass.exe\" --preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Transfer Utility Camera Monitor.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Transfer Utility Camera Monitor.lnk" "backup"="C:\\Windows\\pss\\Transfer Utility Camera Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\PIXELA\\TRANSF~1\\CAMERA~1.EXE " "item"="Transfer Utility Camera Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^EvernoteClipper.lnk] "path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EvernoteClipper.lnk" "backup"="C:\\Windows\\pss\\EvernoteClipper.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\Evernote\\Evernote\\EVERNO~2.EXE " "item"="EvernoteClipper" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Password Safe.lnk] "path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Password Safe.lnk" "backup"="C:\\Windows\\pss\\Password Safe.lnk.Startup" "backupExtension"=".Startup" "command"="E:\\Passwordsafe_usb\\Password Safe\\pwsafe.exe -s" "item"="Password Safe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk] "path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\tcbhn.lnk" "backup"="C:\\Windows\\pss\\tcbhn.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\YpY\\AppData\\Roaming\\BROWSE~1\\tcbhn.exe -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId= -affId=" "item"="tcbhn" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-06-2016 16:01] 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 19:52]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 19:52]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core.job --a------ C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [01-09-2015 19:52]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA.job --a------ C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-YpY-PC-YpY" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\YpY\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{0AFA89FA-4B5A-4355-94B2-17B4B3E3F765}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\{16AB30CD-28DF-4EC4-94A6-A61547077AF1}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\{3056E4D1-4391-4F10-BE79-77191EA9DC23}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-04-28 14:50:42 -------- d-----w- C:\PROGRA~3\Google

==== Firefox Extensions ======================

ProfilePath: C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\YpY\AppData\Roaming\TomTom\HOME\Profiles\mzehcktx.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
F987F944D2B9A9D5D7886061B0D87120 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013
7D04E74E8B63FF93F26C6A2EC14A4EE7 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
258693279212838A6A879A69A17BE215 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll - Shockwave Flash
3EE8AE0ECFE5D79DE1737A855AD1E84C - C:\Users\YpY\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll - Google Update

==== Chromium Look ======================

Chrome Web Store Payments - YpY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Afbeelding knippen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kopieer selectie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Kopieer URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Pagina opemen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Unibet - {00D4226F-7A26-433A-8E2C-1F866FB08176} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YpY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YpY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\YpY\AppData\Local\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\YpY\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=300 folders=64 369072393 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\YpY\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\YpY\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 10-10-2016 at 20:11:23.79 ======================
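Editor's note on reading the HijackThis section above: the long run of O23 services reported as "Unknown owner" and "(file missing)" (lsass.exe-hosted services such as KeyIso, SamSs, Netlogon, VaultSvc, plus spoolsv.exe, vssvc.exe, vds.exe and others) is the pattern produced when a 32-bit scanner runs on 64-bit Windows: its view of C:\Windows\System32 is redirected to SysWOW64, where those binaries do not exist, so they are reported missing although they are present. The two O10 Winsock LSP lines and the O16 ActiveX download are the entries that actually deserve a signature and publisher check, and O4 autoruns from user-writable paths (AppData) are the ones to verify before trusting. The script below is an added example, not zoek or HijackThis code; it parses a handful of lines copied from the log (the final O23 line is constructed, to show a service entry that really is orphaned) and turns those rules into a triage list. The assumption that the "(file missing)" reports are WOW64 redirection artifacts is exactly that, an assumption to be confirmed from a 64-bit shell; the script only sorts them from entries that need real attention.

```python
"""Triage of HijackThis-style entries from a zoek log.

Added example for this page; it is not zoek or HijackThis code. The sample lines
are copied from the log above, except the last O23 line, which is constructed to
show a service entry that really is orphaned.

Assumption (not stated in the log): the scan ran as a 32-bit process on 64-bit
Windows, so a path under C:\\Windows\\System32 is resolved through WOW64
file-system redirection to SysWOW64. Binaries that exist only in the 64-bit
System32 (lsass.exe, spoolsv.exe, vssvc.exe, ...) then show up as
"(file missing)" although they are present.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: six lines from the log, plus one made-up orphaned service.
SAMPLE_LINES = r"""
O4 - HKCU\..\Run: [Google Update] "C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Users\YpY\AppData\Local\Temp\svc.exe (file missing)
""".lstrip("\n")

ENTRY_RE = re.compile(r"^([FO]\d+) - (.*)$")
# First Windows path in the entry, with or without surrounding quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|cab))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|downloads|desktop)\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. O23
    target: str  # file path or URL the entry points at
    reason: str  # why a human should look at it


def parse_entry(line: str) -> tuple[str, str] | None:
    """Split 'O23 - Service: ...' into ('O23', 'Service: ...'); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line: str) -> list[Finding]:
    parsed = parse_entry(line)
    if parsed is None:
        return []
    code, body = parsed
    findings: list[Finding] = []
    if code == "O16":
        # DPF = ActiveX control that Internet Explorer downloaded from a URL.
        url = URL_RE.search(body)
        if url:
            findings.append(Finding(code, url.group(0),
                "ActiveX download (DPF) from a remote URL; confirm the publisher and whether it is still needed"))
        return findings
    m = PATH_RE.search(body)
    path = m.group(1) if m else ""
    if code == "O23" and "(file missing)" in body:
        if SYSTEM32_RE.match(path):
            findings.append(Finding(code, path,
                "'(file missing)' under System32: probable WOW64 redirection artifact; confirm with a 64-bit tool before acting"))
        else:
            findings.append(Finding(code, path,
                "'(file missing)' outside System32: orphaned service entry, investigate"))
    elif code == "O10":
        # An LSP DLL is loaded into every process that uses Winsock.
        findings.append(Finding(code, path, "Winsock LSP DLL; verify the Authenticode signature"))
    elif code == "O4" and USER_WRITABLE_RE.search(path):
        findings.append(Finding(code, path, "autorun from a user-writable location; verify the signature"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a log and collect the findings in order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.code:<4} {f.target}\n     {f.reason}")
```

On the sample input this yields five findings: the AppData autorun, the LSP DLL, the DPF download, the KeyIso entry sorted as a redirection artifact, and the constructed Temp service sorted as orphaned; the LManager and TomTom lines produce nothing. The System32 rule is a heuristic, not proof: the WMPNetworkSvc entry in the log shows the same effect through the 32-bit expansion of %PROGRAMFILES% to Program Files (x86), so the real check is `sc qc <service>` or a directory listing of C:\Windows\Sysnative from a 64-bit shell.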